Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2168)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : mod_http2 (EulerOS-SA-2024-2220)

According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a clien...

EulerOS 2.0 SP12 : nghttp2 (EulerOS-SA-2024-2221)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the...

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-2143)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2134)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP/2 push headers memory-leak CVE-2024-2398 For more details about the security issues, including the impact, a CVS...

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

EulerOS Virtualization 2.10.1 : mod_http2 (EulerOS-SA-2024-2143)

According to the versions of the modhttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413...

EulerOS Virtualization 2.10.1 : nghttp2 (EulerOS-SA-2024-2144)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps...

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP/2 push headers memory-leak CVE-2024-2398 For more details about the security issues, including the impact, a CVS...

EulerOS Virtualization 2.10.0 : mod_http2 (EulerOS-SA-2024-2123)

According to the versions of the modhttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413...

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-2114)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

ALSA-2024:5529 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP/2 push headers memory-leak CVE-2024-2398 For more details about the security issues, including the impact, a CVS...

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-2134)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

EulerOS Virtualization 2.10.0 : nghttp2 (EulerOS-SA-2024-2124)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps...

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-020)

The version of tomcat installed on the remote host is prior to 8.5.100-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2024-020 advisory. Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When...

Amazon Linux 2 : nerdctl (ALAS-2024-2618)

The version of nerdctl installed on the remote host is prior to 1.7.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2618 advisory. 2024-08-28: CVE-2024-24790 was added to this advisory. A malicious HTTP sender can use chunk extensions to cause a receive...

ROS-20240815-18

Vulnerability in the HTTP/2 protocol implementation of Mozilla Firefox, Firefox ESR and the mail client Thunderbird is related to uncontrolled resource consumption as a result of incorrect limitation on the field block size when processing CONTINUATION frames. field block size when processing...

ROS-20240815-06

Vulnerability in the HTTP/2 protocol implementation of Mozilla Firefox, Firefox ESR and the mail client Thunderbird is related to uncontrolled resource consumption as a result of incorrect limitation on the field block size when processing CONTINUATION frames. field block size when processing...

Medium: mod_http2

Issue Overview: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. CVE-2024-36387 Affected Packages: modhttp2 Issue Correction: Run dnf update modhttp2 --releasever 2023.5.202408...